```html
<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Spring Security 安全框架指南</title>
    <link href="https://cdn.staticfile.org/font-awesome/6.4.0/css/all.min.css" rel="stylesheet">
    <link href="https://cdn.staticfile.org/tailwindcss/2.2.19/tailwind.min.css" rel="stylesheet">
    <link href="https://fonts.googleapis.com/css2?family=Noto+Serif+SC:wght@400;500;600;700&family=Noto+Sans+SC:wght@300;400;500;700&display=swap" rel="stylesheet">
    <script src="https://cdn.jsdelivr.net/npm/mermaid@latest/dist/mermaid.min.js"></script>
    <style>
        body {
            font-family: 'Noto Sans SC', Tahoma, Arial, Roboto, "Droid Sans", "Helvetica Neue", "Droid Sans Fallback", "Heiti SC", "Hiragino Sans GB", Simsun, sans-serif;
            color: #333;
            line-height: 1.6;
        }
        h1, h2, h3, h4, h5, h6 {
            font-family: 'Noto Serif SC', serif;
            font-weight: 600;
            color: #2d3748;
        }
        .hero {
            background: linear-gradient(135deg, #4f46e5 0%, #7c3aed 100%);
        }
        .card {
            transition: all 0.3s ease;
            box-shadow: 0 4px 6px rgba(0, 0, 0, 0.05);
        }
        .card:hover {
            transform: translateY(-5px);
            box-shadow: 0 10px 15px rgba(0, 0, 0, 0.1);
        }
        .code-block {
            background-color: #2d3748;
            color: #f7fafc;
            border-radius: 0.375rem;
        }
        .feature-icon {
            color: #4f46e5;
            font-size: 1.5rem;
        }
        .feature-card:hover .feature-icon {
            color: #7c3aed;
            transform: scale(1.1);
        }
        .mermaid {
            background: white;
            padding: 1rem;
            border-radius: 0.5rem;
            box-shadow: 0 4px 6px rgba(0, 0, 0, 0.05);
        }
    </style>
</head>
<body class="bg-gray-50">
    <!-- Hero Section -->
    <section class="hero text-white py-20 px-4 md:px-0">
        <div class="container mx-auto max-w-6xl">
            <div class="flex flex-col md:flex-row items-center">
                <div class="md:w-1/2 mb-10 md:mb-0">
                    <h1 class="text-4xl md:text-5xl font-bold mb-6">Spring Security</h1>
                    <p class="text-xl mb-8 opacity-90">为Java应用提供全面的安全管理框架</p>
                    <p class="text-lg opacity-80 mb-8">Spring Security 是一个功能强大的安全框架，用于为 Java 应用程序提供全面的安全管理。它是 Spring 生态系统的一部分，集成了许多安全功能，可以有效地保护 Web 应用程序、微服务和企业应用程序。</p>
                    <div class="flex space-x-4">
                        <a href="#features" class="bg-white text-indigo-600 px-6 py-3 rounded-lg font-medium hover:bg-gray-100 transition duration-300">
                            <i class="fas fa-shield-alt mr-2"></i> 核心功能
                        </a>
                        <a href="#diagram" class="border border-white text-white px-6 py-3 rounded-lg font-medium hover:bg-white hover:text-indigo-600 transition duration-300">
                            <i class="fas fa-project-diagram mr-2"></i> 架构图
                        </a>
                    </div>
                </div>
                <div class="md:w-1/2 flex justify-center">
                    <img src="https://spring.io/img/projects/spring-security.svg" alt="Spring Security Logo" class="w-64 h-64 object-contain">
                </div>
            </div>
        </div>
    </section>

    <!-- Features Section -->
    <section id="features" class="py-16 px-4 md:px-0 bg-white">
        <div class="container mx-auto max-w-6xl">
            <div class="text-center mb-16">
                <h2 class="text-3xl font-bold mb-4">Spring Security 核心功能</h2>
                <p class="text-gray-600 max-w-2xl mx-auto">提供从身份认证到授权的全方位安全解决方案</p>
            </div>

            <div class="grid md:grid-cols-2 lg:grid-cols-3 gap-8">
                <!-- Feature 1 -->
                <div class="feature-card bg-white rounded-xl p-6 shadow-md border border-gray-100">
                    <div class="flex items-center mb-4">
                        <div class="feature-icon mr-4">
                            <i class="fas fa-user-shield"></i>
                        </div>
                        <h3 class="text-xl font-semibold">身份认证</h3>
                    </div>
                    <p class="text-gray-600 mb-4">确保用户身份的真实性。验证用户确实是他声称的那个人。</p>
                    <div class="space-y-2">
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>表单登录</span>
                        </div>
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>OAuth2/OpenID Connect</span>
                        </div>
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>LDAP认证</span>
                        </div>
                    </div>
                </div>

                <!-- Feature 2 -->
                <div class="feature-card bg-white rounded-xl p-6 shadow-md border border-gray-100">
                    <div class="flex items-center mb-4">
                        <div class="feature-icon mr-4">
                            <i class="fas fa-user-lock"></i>
                        </div>
                        <h3 class="text-xl font-semibold">授权管理</h3>
                    </div>
                    <p class="text-gray-600 mb-4">确保用户有权访问某些资源或执行某些操作。</p>
                    <div class="space-y-2">
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>基于角色的访问控制</span>
                        </div>
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>基于权限的访问控制</span>
                        </div>
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>方法级安全</span>
                        </div>
                    </div>
                </div>

                <!-- Feature 3 -->
                <div class="feature-card bg-white rounded-xl p-6 shadow-md border border-gray-100">
                    <div class="flex items-center mb-4">
                        <div class="feature-icon mr-4">
                            <i class="fas fa-clock"></i>
                        </div>
                        <h3 class="text-xl font-semibold">会话管理</h3>
                    </div>
                    <p class="text-gray-600 mb-4">管理用户会话，防止会话固定攻击、会话劫持等安全问题。</p>
                    <div class="space-y-2">
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>会话固定攻击防护</span>
                        </div>
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>会话超时控制</span>
                        </div>
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>并发会话控制</span>
                        </div>
                    </div>
                </div>

                <!-- Feature 4 -->
                <div class="feature-card bg-white rounded-xl p-6 shadow-md border border-gray-100">
                    <div class="flex items-center mb-4">
                        <div class="feature-icon mr-4">
                            <i class="fas fa-key"></i>
                        </div>
                        <h3 class="text-xl font-semibold">密码管理</h3>
                    </div>
                    <p class="text-gray-600 mb-4">确保用户密码的安全存储和处理。</p>
                    <div class="space-y-2">
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>强哈希算法加密</span>
                        </div>
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>密码重置功能</span>
                        </div>
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>BCrypt/PBKDF2支持</span>
                        </div>
                    </div>
                </div>

                <!-- Feature 5 -->
                <div class="feature-card bg-white rounded-xl p-6 shadow-md border border-gray-100">
                    <div class="flex items-center mb-4">
                        <div class="feature-icon mr-4">
                            <i class="fas fa-shield-alt"></i>
                        </div>
                        <h3 class="text-xl font-semibold">CSRF保护</h3>
                    </div>
                    <p class="text-gray-600 mb-4">防止恶意网站发起伪造请求，攻击用户的应用程序。</p>
                    <div class="space-y-2">
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>CSRF令牌验证</span>
                        </div>
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>HTTP ONLY Cookie支持</span>
                        </div>
                    </div>
                </div>

                <!-- Feature 6 -->
                <div class="feature-card bg-white rounded-xl p-6 shadow-md border border-gray-100">
                    <div class="flex items-center mb-4">
                        <div class="feature-icon mr-4">
                            <i class="fas fa-code"></i>
                        </div>
                        <h3 class="text-xl font-semibold">XSS防护</h3>
                    </div>
                    <p class="text-gray-600 mb-4">防止恶意用户在应用程序中注入恶意脚本代码。</p>
                    <div class="space-y-2">
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>内容安全策略(CSP)</span>
                        </div>
                        <div class="flex items-center">
                            <i class="fas fa-check-circle text-green-500 mr-2"></i>
                            <span>自动转义处理</span>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </section>

    <!-- Detailed Content Section -->
    <section class="py-16 px-4 md:px-0 bg-gray-50">
        <div class="container mx-auto max-w-6xl">
            <div class="mb-16">
                <h2 class="text-3xl font-bold text-center mb-4">深入解析 Spring Security</h2>
                <p class="text-gray-600 text-center max-w-2xl mx-auto">探索 Spring Security 的核心功能与实现细节</p>
            </div>

            <!-- Authentication -->
            <div class="bg-white rounded-xl shadow-md overflow-hidden mb-8 card">
                <div class="p-6">
                    <div class="flex items-center mb-4">
                        <div class="bg-indigo-100 p-3 rounded-full mr-4">
                            <i class="fas fa-user-shield text-indigo-600"></i>
                        </div>
                        <h3 class="text-2xl font-semibold">1. 身份认证（Authentication）</h3>
                    </div>
                    <p class="text-gray-600 mb-4"><strong>用途：</strong>确保用户身份的真实性。身份认证是验证用户身份的过程，即确保用户是他们声称的那个人。</p>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">实现方式：</h4>
                    <div class="grid md:grid-cols-2 gap-4 mb-6">
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">表单登录</h5>
                                <p class="text-sm text-gray-500">使用登录表单进行用户认证</p>
                            </div>
                        </div>
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">基本认证</h5>
                                <p class="text-sm text-gray-500">使用 HTTP Basic Authentication</p>
                            </div>
                        </div>
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">OAuth2 / OpenID Connect</h5>
                                <p class="text-sm text-gray-500">集成第三方认证服务</p>
                            </div>
                        </div>
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">LDAP认证</h5>
                                <p class="text-sm text-gray-500">集成 LDAP 服务进行认证</p>
                            </div>
                        </div>
                    </div>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">示例代码：</h4>
                    <div class="code-block rounded-lg overflow-hidden mb-6">
                        <pre class="p-4 text-sm overflow-x-auto"><code class="language-java">@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user").password("{noop}password").roles("USER");
    }
}</code></pre>
                    </div>
                </div>
            </div>

            <!-- Authorization -->
            <div class="bg-white rounded-xl shadow-md overflow-hidden mb-8 card">
                <div class="p-6">
                    <div class="flex items-center mb-4">
                        <div class="bg-indigo-100 p-3 rounded-full mr-4">
                            <i class="fas fa-user-lock text-indigo-600"></i>
                        </div>
                        <h3 class="text-2xl font-semibold">2. 授权（Authorization）</h3>
                    </div>
                    <p class="text-gray-600 mb-4"><strong>用途：</strong>确保用户有权访问某些资源或执行某些操作。授权是确定用户是否有权限执行特定操作的过程。</p>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">实现方式：</h4>
                    <div class="grid md:grid-cols-2 gap-4 mb-6">
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">基于角色的访问控制</h5>
                                <p class="text-sm text-gray-500">根据用户的角色控制访问权限</p>
                            </div>
                        </div>
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">基于权限的访问控制</h5>
                                <p class="text-sm text-gray-500">根据用户的权限控制访问</p>
                            </div>
                        </div>
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">方法级安全</h5>
                                <p class="text-sm text-gray-500">在方法级别定义权限要求</p>
                            </div>
                        </div>
                    </div>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">示例代码：</h4>
                    <div class="code-block rounded-lg overflow-hidden mb-6">
                        <pre class="p-4 text-sm overflow-x-auto"><code class="language-java">@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/user/**").hasRole("USER")
                .and()
            .formLogin();
    }
}</code></pre>
                    </div>
                </div>
            </div>

            <!-- Session Management -->
            <div class="bg-white rounded-xl shadow-md overflow-hidden mb-8 card">
                <div class="p-6">
                    <div class="flex items-center mb-4">
                        <div class="bg-indigo-100 p-3 rounded-full mr-4">
                            <i class="fas fa-clock text-indigo-600"></i>
                        </div>
                        <h3 class="text-2xl font-semibold">3. 会话管理（Session Management）</h3>
                    </div>
                    <p class="text-gray-600 mb-4"><strong>用途：</strong>管理用户会话，以防止会话固定攻击、会话劫持等安全问题。</p>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">实现方式：</h4>
                    <div class="grid md:grid-cols-2 gap-4 mb-6">
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">会话固定攻击防护</h5>
                                <p class="text-sm text-gray-500">确保会话 ID 在登录时被重新生成</p>
                            </div>
                        </div>
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">会话超时</h5>
                                <p class="text-sm text-gray-500">配置会话超时策略</p>
                            </div>
                        </div>
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">并发会话控制</h5>
                                <p class="text-sm text-gray-500">限制每个用户的并发会话数</p>
                            </div>
                        </div>
                    </div>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">示例代码：</h4>
                    <div class="code-block rounded-lg overflow-hidden mb-6">
                        <pre class="p-4 text-sm overflow-x-auto"><code class="language-java">@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .sessionManagement()
                .sessionFixation().newSession()
                .maximumSessions(1)
                .maxSessionsPreventsLogin(true);
    }
}</code></pre>
                    </div>
                </div>
            </div>

            <!-- Password Management -->
            <div class="bg-white rounded-xl shadow-md overflow-hidden mb-8 card">
                <div class="p-6">
                    <div class="flex items-center mb-4">
                        <div class="bg-indigo-100 p-3 rounded-full mr-4">
                            <i class="fas fa-key text-indigo-600"></i>
                        </div>
                        <h3 class="text-2xl font-semibold">4. 密码管理</h3>
                    </div>
                    <p class="text-gray-600 mb-4"><strong>用途：</strong>确保用户密码的安全存储和处理。</p>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">实现方式：</h4>
                    <div class="grid md:grid-cols-2 gap-4 mb-6">
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">密码加密</h5>
                                <p class="text-sm text-gray-500">使用强哈希算法加密存储</p>
                            </div>
                        </div>
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">密码重置</h5>
                                <p class="text-sm text-gray-500">提供安全的密码重置功能</p>
                            </div>
                        </div>
                    </div>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">示例代码：</h4>
                    <div class="code-block rounded-lg overflow-hidden mb-6">
                        <pre class="p-4 text-sm overflow-x-auto"><code class="language-java">@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .passwordEncoder(new BCryptPasswordEncoder())
            .withUser("user").password(new BCryptPasswordEncoder().encode("password")).roles("USER");
    }
}</code></pre>
                    </div>
                </div>
            </div>

            <!-- CSRF Protection -->
            <div class="bg-white rounded-xl shadow-md overflow-hidden mb-8 card">
                <div class="p-6">
                    <div class="flex items-center mb-4">
                        <div class="bg-indigo-100 p-3 rounded-full mr-4">
                            <i class="fas fa-shield-alt text-indigo-600"></i>
                        </div>
                        <h3 class="text-2xl font-semibold">5. 跨站请求伪造（CSRF）保护</h3>
                    </div>
                    <p class="text-gray-600 mb-4"><strong>用途：</strong>防止恶意网站发起伪造请求，攻击用户的应用程序。</p>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">实现方式：</h4>
                    <div class="flex items-start">
                        <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                        <div>
                            <h5 class="font-medium">CSRF令牌</h5>
                            <p class="text-sm text-gray-500">使用 CSRF 令牌验证请求的合法性</p>
                        </div>
                    </div>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">示例代码：</h4>
                    <div class="code-block rounded-lg overflow-hidden mb-6">
                        <pre class="p-4 text-sm overflow-x-auto"><code class="language-java">@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}</code></pre>
                    </div>
                </div>
            </div>

            <!-- XSS Protection -->
            <div class="bg-white rounded-xl shadow-md overflow-hidden mb-8 card">
                <div class="p-6">
                    <div class="flex items-center mb-4">
                        <div class="bg-indigo-100 p-3 rounded-full mr-4">
                            <i class="fas fa-code text-indigo-600"></i>
                        </div>
                        <h3 class="text-2xl font-semibold">6. 跨站脚本攻击（XSS）保护</h3>
                    </div>
                    <p class="text-gray-600 mb-4"><strong>用途：</strong>防止恶意用户在应用程序中注入恶意脚本代码。</p>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">实现方式：</h4>
                    <div class="flex items-start">
                        <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                        <div>
                            <h5 class="font-medium">内容安全策略（CSP）</h5>
                            <p class="text-sm text-gray-500">通过设置 CSP 头防止 XSS 攻击</p>
                        </div>
                    </div>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">示例代码：</h4>
                    <div class="code-block rounded-lg overflow-hidden mb-6">
                        <pre class="p-4 text-sm overflow-x-auto"><code class="language-java">@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .headers()
                .contentSecurityPolicy("script-src 'self'");
    }
}</code></pre>
                    </div>
                </div>
            </div>

            <!-- Logging and Monitoring -->
            <div class="bg-white rounded-xl shadow-md overflow-hidden mb-8 card">
                <div class="p-6">
                    <div class="flex items-center mb-4">
                        <div class="bg-indigo-100 p-3 rounded-full mr-4">
                            <i class="fas fa-chart-line text-indigo-600"></i>
                        </div>
                        <h3 class="text-2xl font-semibold">7. 日志记录和监控</h3>
                    </div>
                    <p class="text-gray-600 mb-4"><strong>用途：</strong>记录安全事件和监控安全相关活动。</p>
                    
                    <h4 class="text-lg font-semibold mt-6 mb-3 text-gray-700">实现方式：</h4>
                    <div class="grid md:grid-cols-2 gap-4 mb-6">
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">日志记录</h5>
                                <p class="text-sm text-gray-500">记录登录、登出、访问控制等事件</p>
                            </div>
                        </div>
                        <div class="flex items-start">
                            <i class="fas fa-check-circle text-green-500 mt-1 mr-2"></i>
                            <div>
                                <h5 class="font-medium">监控</h5>
                                <p class="text-sm text-gray-500">集成监控工具监控安全活动</p>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </section>

    <!-- Diagram Section -->
    <section id="diagram" class="py-16 px-4 md:px-0 bg-white">
        <div class="container mx-auto max-w-6xl">
            <div class="text-center mb-12">
                <h2 class="text-3xl font-bold mb-4">Spring Security 架构图</h2>
                <p class="text-gray-600 max-w-2xl mx-auto">可视化展示 Spring Security 的核心组件与交互流程</p>
            </div>
            
            <div class="bg-gray-50 rounded-xl p-6 mb-8">
                <div class="mermaid">
                    graph TD
                    A[客户端] -->|请求| B(安全过滤器链)
                    B --> C{认证过滤器}
                    C -->|认证成功| D[授权过滤器]
                    C -->|认证失败| E[返回401]
                    D -->|授权通过| F[业务处理]
                    D -->|授权失败| G[返回403]
                    F --> H[返回响应]
                    
                    subgraph Spring Security
                    B
                    C
                    D
                    end
                    
                    subgraph 业务系统
                    F
                    H
                    end
                </div>
            </div>
            
            <div class="grid md:grid-cols-3 gap-6">
                <div class="bg-indigo-50 rounded-lg p-6">
                    <div class="flex items-center mb-3">
                        <div class="bg-indigo-100 p-2 rounded-full mr-3">
                            <i class="fas fa-filter text-indigo-600"></i>
                        </div>
                        <h4 class="font-semibold">安全过滤器链</h4>
                    </div>
                    <p class="text-sm text-gray-600">Spring Security 的核心，由一系列安全过滤器组成，按顺序处理请求。</p>
                </div>
                <div class="bg-indigo-50 rounded-lg p-6">
                    <div class="flex items-center mb-3">
                        <div class="bg-indigo-100 p-2 rounded-full mr-3">
                            <i class="fas fa-user-check text-indigo-600"></i>
                        </div>
                        <h4 class="font-semibold">认证过滤器</h4>
                    </div>
                    <p class="text-sm text-gray-600">验证用户身份，成功后生成包含用户信息的认证对象。</p>
                </div>
                <div class="bg-indigo-50 rounded-lg p-6">
                    <div class="flex items-center mb-3">
                        <div class="bg-indigo-100 p-2 rounded-full mr-3">
                            <i class="fas fa-lock text-indigo-600"></i>
                        </div>
                        <h4 class="font-semibold">授权过滤器</h4>
                    </div>
                    <p class="text-sm text-gray-600">检查用户是否有权限访问请求的资源或执行操作。</p>
                </div>
            </div>
        </div>
    </section>

    <!-- Footer -->
    <footer class="bg-gray-900 text-white py-10 px-4 md:px-0">
        <div class="container mx-auto max-w-6xl">
            <div class="flex flex-col md:flex-row justify-between items-center">
                <div class="mb-6 md:mb-0">
                    <div class="text-2xl font-bold mb-2">技术小馆</div>
                    <p class="text-gray-400">专业的技术知识与资源分享平台</p>
                </div>
                <div>
                    <a href="http://www.yuque.com/jtostring" class="text-gray-300 hover:text-white transition duration-300">
                        <i class="fas fa-link mr-2"></i> http://www.yuque.com/jtostring
                    </a>
                </div>
            </div>
            <div class="border-t border-gray-800 mt-8 pt-8 text-center text-gray-500 text-sm">
                &copy; 2023 技术小馆. 保留所有权利.
            </div>
        </div>
    </footer>

    <script>
        mermaid.initialize({
            startOnLoad: true,
            theme: 'default',
            flowchart: {
                useMaxWidth: true,
                htmlLabels: true,
                curve: 'basis'
            }
        });
        
        // 平滑滚动
        document.querySelectorAll('a[href^="#"]').forEach(anchor => {
            anchor.addEventListener('click', function (e) {
                e.preventDefault();
                document.querySelector(this.getAttribute('href')).scrollIntoView({
                    behavior: 'smooth'
                });
            });
        });
    </script>
</body>
</html>
```